I agree and understand a router could only protect you from inbound
intrusions; however, from my personal experience, I often press one OK
button too many, as after a while you get sort of fed up with all these
endless warning dialogue boxes from said ZoneAlarm.
I know a router/connection log won't stop outbound connections, but it
should tell you where you have connected to, and hopefully the user can
detect any abnormalities and rectify the problems.
As many reports have mentioned lately, many people install these utility
programs and forget about them, which in turn reduces their effectiveness
significantly.
I guess if you are cautious about all connections, a software firewall is
necessary. However, if you are a novice user, i.e. all TCP/IP means to you
is no more than 5 letters, then the chance that the user can interpret the
(vague) warning message from the firewall is very small (e.g. what does
"svchost.exe attempts to connect to 124.56.89.42" mean to average users?).
Even if you are computer literate, worms often use names that are very close
to normal system programs, e.g. lsasss.exe, which on many occasions catch
even cautious users.
I totally agree software firewalls have their place and value in internet
security. The question is, for an average user, is it worth all these
hassles? Personally, I hate pop-up ads, but I equally hate excessive
warning messages.
The bottom line is that it is down to personal preference, as mentioned by Nick.
Regards
Garfield
* Linksys BEFSX41 is just an example. It has been around for a while now,
hence many problems will have been looked into. An SPI router is
preferred, but in most cases simple NAT would do the trick (SPI has been
implemented in many new routers as standard now).
"Nick H" <(E-Mail Removed)> wrote in message
news NRpc.544$(E-Mail Removed)...
Garfield wrote:
> If you don't know much about what to let go and what to stop, I would
> strongly advise you to get a router instead. By default, the NAT feature
> of it will act as a basic firewall. If you get an SPI router, it would be
> even better. It saves you from endless warning dialogue boxes. Most of
> them would do logging too, with which you can monitor all outgoing
> connections. A cheap router costs you roughly 30 pounds, which is more or
> less the same price as you paid for some commercial firewall products.
>
> In addition, you may get features like connection restriction, URL filter
> etc, which is very useful if you have kids.
>
> Here are few prices I gathered from ebuyer.com
>
> NAT only
> ================
> Linksys BEFSR41 (quickfind code: 37451)
> 35.09 GBP
>
> Ebuyer 4 Port 10/100M Internet Broadband Router with USB Printer Server /
> Origo BBR-1401 (quickfind code 52897)
> 27.02 GBP
>
> U.S. Robotics Broadband Router with Parallel Print Server, USR 8000-02
> (quickfind code: 44088)*
> 38.85 GBP
>
> Netgear RP614 Broadband Router + 4 port 10/100 Switch (quickfind 35433)
> 38.11 GBP
>
> With SPI
> =======================
> Linksys BEFSX41-Uk (ebuyer.co.uk , quickfind code: 45295)
> 50.25 GBP
>
> Netgear FR114PUK (ebuyer.co.uk, quickfind code: 47104)
> 70.89 GBP
>
>
> Anyway, this may sound a bit drastic but personally, I think it is a
> better solution for novice users. So far my routers have saved me from
> MSBlaster and Sasser Worms.
>
> Regards
>
> Garfield
>
> * Personally, I own a USR 8000-02 router. It is simple to configure, and
> allows me to connect my Kyocera FS1010 printer to the network.
>
> "Nick H" <(E-Mail Removed)> wrote in message
> news kKpc.111$(E-Mail Removed)...
>
>>Jackeline D wrote:
>>
>>>I have been using Kerio 2.1.5 on XP Pro for a few months. The PC
>>>is standalone, at home and connected to the Net by cable.
>>>
>>>When I look through the list of programs I am blocking I can't
>>>really make much sense of what XP needs or doesn't need.
>>>
>>>Also I can't make a lot of sense of how Kerio works - for example I
>>>am struggling to do things like (1) export my list of Open
>>>Connections At Local Host and (2) export my Firewall Configuration.
>>>
>>>Is there a web site or group which helps new Kerio 2.1.5 users or
>>>even tells them what they need to set up for basic broadband
>>>surfing.
>>
>>Yes, there is a user forum at http://www.dslreports.com/forum/kerio.
>>Look for BZ's sticky at the top. Also look at the Kerio and pre-v3.0
>>Tiny PFW FAQ. There is also a group on Yahoo which I have not tried.
>>
>>V2.1.5, which I run, is well regarded. V4.x.x is slated as still being
>>very buggy.
>>
>>I think some of BZ's anti-spoofing rules are OTT, but if you're paranoid
>>they may be good. If you run IE, make sure you have a local loopback
>>rule or it will crawl. I would also block any e-mail program from
>>accessing remote port 80 at any address. In reality, I allow mail
>>programs to access the news servers and mailboxes explicitly by Port and
>>IP address and deny anything else (but log it in case some of the
>>addresses change as the newsgroup ones did earlier this year)
>>
>>Also look at
>>http://homepage.ntlworld.com/robin.d.../security.html for
>>how to set up the firewall security for basic broadband access (DNS and
>>DHCP requirements)
>>
>>Nick
>
>
>
Garfield,
I sort of agree with you but not fully. I have recently purchased a
Linksys BEFSX41, but you do have to watch carefully which firmware you
run. It is buggy.
http://www.dslreports.com/ has some good forums to
research the problems of various makes and models.
One thing with any router is that it will only give you inbound
protection. Checking the router logs will not tell you which application
is making the connection. It is relatively easy to create a simple
set-up on a personal firewall such as ZoneAlarm. KPF needs a bit more
understanding but it is much more powerful (that is ZA Free vs KPF
Free). If Jackeline is concerned about which programs are allowed to
dial out, a router is not going to help. I run WinME, but in WinXP,
should svchost.exe be allowed to dial out? If so, should it be
restricted to certain servers or ports for its time synchronisation
function, or is it safe to give it unrestricted access (probably not).
How will a router help you with this?
Having said that, I would have thought, on balance, that if I had £40 to
spend on a firewall, it is probably better spent on a hardware firewall
than a software one. Then, if you want, go for a free software firewall
like KPF where any mistake you make with inbound rules is protected by
the router. The choice is personal. People will have very strong
feelings on this subject and you will find very polarised views.
Nick
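
Two points from this thread, that only a per-application log names the program making a connection and that worms use names close to real system programs (lsasss.exe), combined in an added example that is not part of any poster's message. The log format, the short list of system process names, the function names, and every address except 124.56.89.42 are constructed assumptions.

```python
# Assumed short list of genuine Windows system process names (not exhaustive).
# A name on this list is not proof the file is genuine: only the name is checked,
# not the path or signature.
KNOWN_SYSTEM = ("csrss.exe", "explorer.exe", "lsass.exe", "services.exe",
                "smss.exe", "svchost.exe", "winlogon.exe")

# Constructed per-application log: "<date> <time> OUT <process> <ip>:<port>"
SAMPLE_LOG = """\
2004-05-10 21:14:02 OUT svchost.exe 124.56.89.42:123
2004-05-10 21:14:09 OUT lsasss.exe 192.0.2.15:445
2004-05-10 21:15:30 OUT scvhost.exe 198.51.100.7:80
2004-05-10 21:16:11 OUT iexplore.exe 198.51.100.20:80
"""

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    # First row and column hold the cost of building a prefix from nothing.
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[len(a)][len(b)]

def classify(process, max_dist=1):
    """Return (verdict, resembles) for one process image name."""
    name = process.lower()
    if name in KNOWN_SYSTEM:
        return ("known", name)
    best = min(KNOWN_SYSTEM, key=lambda k: osa_distance(name, k))
    if osa_distance(name, best) <= max_dist:
        return ("lookalike", best)  # one typo away from a system name
    return ("unlisted", None)       # needs its own allow/deny decision

def review_log(text):
    """Attach a verdict to the process behind each outbound log line."""
    results = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[2] != "OUT":
            continue  # skip malformed or non-outbound lines
        process, dest = fields[3], fields[4]
        results.append((process, dest) + classify(process))
    return results
```

With `max_dist=1`, a legitimate but unlisted name such as iexplore.exe (two edits from explorer.exe) is reported as unlisted and not as a lookalike.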